348 matches found
WebSVN 2.0 - Cross-Site Scripting / File Handling / Code Execution
WebSVN alert(document.cookie); A URL like the one above would display a JavaScript alert window containing the cookie data of any set cookies for the domain. File Handling Issues: There are some file handling issues in the RSS functionality used by WebSVN. The issue is caused by the following bit o...
phpScheduleIt 1.2.10 - reserve.php Remote Code Execution
phpScheduleIt 1.2.10 - reserve.php Remote Code Execution settitletranslate"Processing $Class"; 53. $t-printHTMLHeader; 54. $t-startMain; 55. 56. processreservation$POST'fn'; 57. 58. else 59. $resinfo = getResInfo; 60. $t-settitle$resinfo'title'; 61. $t-printHTMLHeader; 62. $t-startMain; 63...
XSS in admin logs - vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower
====================================================================== Advisory : XSS in admin logs Release Date : July 06th 2008 Application : vBulletin Version : vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower Platform : PHP Vendor URL : http://www.vbulletin.com/ Authors : Jessica Hop...
CVE-2008-0820
CVE-2008-0820 affects Etomite 0.6.1.4 Final with a reported XSS in index.php exploitable via the server variable (initially cited as $_SERVER['PHP_INFO'], vendor later asserts the variable is $_SERVER['PHP_SELF']). Multiple sources corroborate an XSS vulnerability, but the vendor disputes the rep...
CVE-2008-0497
Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF...
Cross site scripting
Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF...
Discuz! "$_SERVER['PHP_SELF']" XSS Vulnerability
At line 69 of common.inc.php: $PHP_SELF = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']; $SCRIPT_FILENAME = str_replace('\\', '/', (isset($_SERVER['PATH_TRANSLATED']) ? $_SERVER['PATH_TRANSLATED'] : $_SERVER['SCRIPT_FILENAME'])); $boardurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace("/\/+(api|archiver|wap)?\/*$/i",...
Kayako SupportSuite 3.0.32 - PHP_SELF Trigger_Error Function Cross-Site Scripting
Kayako SupportSuite 3.0.32 - PHP_SELF Trigger_Error Function Cross-Site Scripting source: https://www.securityfocus.com/bid/26744/info SupportSuite is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
CVE-2007-5980
Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF)...
autoindex-xss.txt
====================================================================== AutoIndex Impact: Cross Site Scripting Denial of Service DoS Status: patch available ------------------------------ Affected software description: ------------------------------ Application: AutoIndex Version:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865...
CVE-2007-5728
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865...
CVE-2005-4861
Ragnarok Online Control Panel (ROCP) 4.3.4a is affected by CVE-2005-4861. The vulnerability arises in functions.php where CHECK_AUTH mishandles a trailing "/login.php" in PHP_SELF, allowing remote attackers to bypass authentication when accessing account_manage.php. Reported impact is authenticat...
CVE-2005-4861
functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) url tags in a comment in modules/core/fldm.php...
CVE-2007-4541
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) url tags in a comment in modules/core/fldm.php...